IDMWORKS Blog

Best Practices for Logging

Setting up logging is one of the first things to configure when setting up a SailPoint IdentityIQ environment for the first time.

Although there isn’t any set standard I have seen in setting up logging, there are a few simple steps I usually take to make life easier when trying to look through the logs.

It is important to note that this is not absolutely necessary, but helpful in differentiating between apache logs and IIQ logs. Without setting up these logs, all logging information on IIQ will be sent directly to standard out (stdout) by default. However, there are other logging options defined in the IIQ log file, but are commented out using #. The log file is located in identityiq/WEB-INF/classes folder. The file name is log4j.properties.

In my opinion the best practice is to separate IIQ logs from all other logs by setting up the daily rolling file appender. Doing this will create a new log file each day. This helps with the management of logs. It takes 2 easy steps to set this up:

Step 1

Uncomment the following lines in the log file by removing the # symbol infront of the line.

Note that the location the files will go to is “C:\Program Files\Apache Software Foundation\apache-tomcat-7.0.64\logs\sailpoint.log”. This location can be changed.

Step 2

Set the rootLogger by changing the following line

log4j.rootLogger=warn,stdout to log4j.rootLogger=error,RollingAppender.
This is all that is needed to setup rolling logs with iiq.

Note that there are a numerous amount of lines commented out in the bottom. Uncomment lines are necessary when working with an object to see the logs. An example will be adding/uncommenting the line log4j.logger.sailpoint.WorkflowTrace=trace . This will allow you to see the logs in a workflow you are currently running or working on.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.